Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, exploit-kit, file-executable, file-flash, file-image, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-backdoor, malware-cnc, protocol-other, protocol-voip and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42436 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
* 1:42437 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera multipart boundary stack buffer overflow attempt (server-webapp.rules)
* 1:42434 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42435 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
* 1:42432 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42433 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
* 1:42431 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Video Camera CGIProxy.fcgi query append buffer overflow attempt (server-webapp.rules)
* 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
* 1:42321 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
* 1:42322 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
* 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
* 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
* 1:41345 <-> ENABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules)
* 1:41344 <-> ENABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules)
* 1:41313 <-> ENABLED <-> FILE-EXECUTABLE Invincea Dell Protected Workspace InvProtectDrv sandbox escape attempt (file-executable.rules)
* 1:41312 <-> ENABLED <-> FILE-EXECUTABLE Invincea Dell Protected Workspace InvProtectDrv sandbox escape attempt (file-executable.rules)
* 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules)
* 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules)
* 1:41307 <-> ENABLED <-> FILE-EXECUTABLE Invincea-X SboxDrv.sys local privilege escalation attempt (file-executable.rules)
* 1:41306 <-> ENABLED <-> FILE-EXECUTABLE Invincea-X SboxDrv.sys local privilege escalation attempt (file-executable.rules)
* 1:41225 <-> ENABLED <-> FILE-PDF Artifex MuPDF JBIG2 negative width value out of bounds read attempt (file-pdf.rules)
* 1:41224 <-> ENABLED <-> FILE-PDF Artifex MuPDF JBIG2 negative width value out of bounds read attempt (file-pdf.rules)
* 1:41223 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A plaintext password leak attempt (server-webapp.rules)
* 1:41222 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application web_runScript access attempt (server-webapp.rules)
* 1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules)
* 1:40930 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter GetFontTable remote code execution attempt (file-office.rules)
* 1:40928 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter Doc_SetSummary remote code execution attempt (file-office.rules)
* 1:40929 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter GetFontTable remote code execution attempt (file-office.rules)
* 1:40931 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter DHFSummary remote code execution attempt (file-office.rules)
* 1:41085 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A webSetPingTrace command injection attempt (server-webapp.rules)
* 1:41103 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
* 1:41104 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
* 1:41105 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
* 1:41196 <-> ENABLED <-> FILE-PDF Nitro Pro PDF Reader out of bounds write attempt (file-pdf.rules)
* 1:41197 <-> ENABLED <-> FILE-PDF Nitro Pro PDF Reader out of bounds write attempt (file-pdf.rules)
* 1:41220 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application HTTP response parameter injection attempt (server-webapp.rules)
* 1:41221 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application HTTP response parameter injection attempt (server-webapp.rules)
* 1:35832 <-> DISABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
* 1:35833 <-> ENABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
* 1:40758 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A backdoor root account access attempt (server-other.rules)
* 1:40820 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A systemlog.log information disclosure attempt (server-webapp.rules)
* 1:40821 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A makeonekey.gz information disclosure attempt (server-webapp.rules)
* 1:40822 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A getonekey.gz information disclosure attempt (server-webapp.rules)
* 1:40880 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A invalid HTTP request denial of service attempt (server-webapp.rules)
* 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
* 1:40909 <-> DISABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules)
* 1:40916 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A asqc.asp information disclosure attempt (server-webapp.rules)
* 1:41352 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A Series cross-site request forgery attempt (server-webapp.rules)
* 1:41364 <-> DISABLED <-> PROTOCOL-OTHER ARM mbed TLS x509 invalid public key remote code execution attempt (protocol-other.rules)
* 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules)
* 1:41470 <-> DISABLED <-> FILE-PDF MuPDF Fitz library font glyph scaling code execution vulnerability attempt (file-pdf.rules)
* 1:41471 <-> DISABLED <-> FILE-PDF MuPDF Fitz library font glyph scaling code execution vulnerability attempt (file-pdf.rules)
* 1:41511 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules)
* 1:41512 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules)
* 1:41543 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules)
* 1:41544 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules)
* 1:41545 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules)
* 1:41546 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules)
* 1:41703 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
* 1:41704 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
* 1:41726 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules)
* 1:41727 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules)
* 1:41753 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules)
* 1:41754 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules)
* 1:41759 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules)
* 1:41760 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules)
* 1:41765 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules)
* 1:41766 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules)
* 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules)
* 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules)
* 1:42078 <-> DISABLED <-> SERVER-WEBAPP Foscam cgiproxy.fcgi stack buffer overflow attempt (server-webapp.rules)
* 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
* 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
* 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
* 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules)
* 1:42088 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42089 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42090 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42091 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42137 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules)
* 1:42138 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules)
* 1:42140 <-> ENABLED <-> FILE-IMAGE Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability attempt (file-image.rules)
* 1:42141 <-> ENABLED <-> FILE-IMAGE Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability attempt (file-image.rules)
* 1:42177 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
* 1:42178 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
* 1:42195 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
* 1:42196 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
* 1:42244 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42245 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42246 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42247 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42248 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise eventsAjax SQL injection attempt (server-webapp.rules)
* 1:42249 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise proxy SQL injection attempt (server-webapp.rules)
* 1:42250 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise translationsAjax.php SQL injection attempt (server-webapp.rules)
* 1:42251 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise genericAjax SQL injection attempt (server-webapp.rules)
* 1:42252 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise PHP object injection attempt (server-webapp.rules)
* 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42273 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
* 1:42274 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
* 1:42290 <-> DISABLED <-> SERVER-WEBAPP Openfire userimportexport plugin XML external entity injection attempt (server-webapp.rules)
* 1:43846 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed control channel authentication message denial of service attempt (server-other.rules)
* 1:40932 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter DHFSummary remote code execution attempt (file-office.rules)
* 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
* 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
* 1:43839 <-> DISABLED <-> INDICATOR-COMPROMISE backwards executable download (indicator-compromise.rules)
* 1:43838 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash file contains reference to kernel32.dll (indicator-compromise.rules)
* 1:43837 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript regex (indicator-obfuscation.rules)
* 1:43836 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file packed with SecureSwf obfuscator (indicator-obfuscation.rules)
* 1:43835 <-> DISABLED <-> EXPLOIT-KIT RIG exploit kit Adobe Flash exploit download (exploit-kit.rules)
* 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules)
* 1:43833 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:43832 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:43831 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:43830 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:43829 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules)
* 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules)
* 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
* 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
* 1:43825 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Xagent outbound connection (malware-cnc.rules)
* 1:43824 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
* 1:43823 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
* 1:43822 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
* 1:43821 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43820 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43819 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43213 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
* 1:43212 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
* 1:43061 <-> DISABLED <-> SERVER-WEBAPP Foscam changeUserName command passwd file injection attempt (server-webapp.rules)
* 1:43005 <-> DISABLED <-> SERVER-WEBAPP Foscam setWifiSetting command psk stack buffer overflow attempt (server-webapp.rules)
* 1:41102 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules)
* 1:42998 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid MCS serverRandomLen out of bounds read attempt (protocol-other.rules)
* 1:42975 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid EncryptedPlatformChallenge null pointer dereference attempt (protocol-other.rules)
* 1:42973 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP RSA modulus length integer underflow attempt (protocol-other.rules)
* 1:42974 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid cbCompanyName out of bounds read attempt (protocol-other.rules)
* 1:40927 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter Doc_SetSummary remote code execution attempt (file-office.rules)
* 1:42941 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP PER length integer underflow attempt (protocol-other.rules)
* 3:39775 <-> ENABLED <-> BROWSER-OTHER PhotoShare information leakage attempt (browser-other.rules)
* 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules)
* 1:1985 <-> DISABLED <-> MALWARE-BACKDOOR Doly variant outbound connection attempt (malware-backdoor.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:38622 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed control channel authentication message denial of service attempt (server-other.rules)
* 1:38776 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules)
* 1:38777 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules)
* 1:38782 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38783 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:39219 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:39220 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:40138 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40136 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40137 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40134 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40135 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40123 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (browser-ie.rules)
* 1:40124 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (browser-ie.rules)
* 1:40074 <-> DISABLED <-> BROWSER-IE Microsoft Edge white-space information disclosure attempt (browser-ie.rules)
* 1:40073 <-> DISABLED <-> BROWSER-IE Microsoft Edge white-space information disclosure attempt (browser-ie.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:39737 <-> DISABLED <-> SERVER-WEBAPP HttpOxy CGI application vulnerability potential man-in-the-middle attempt (server-webapp.rules)
* 1:39525 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:40139 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40140 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40141 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed placeObject2 memory corruption attempt (file-flash.rules)
* 1:40158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed placeObject2 memory corruption attempt (file-flash.rules)
* 1:40370 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
* 1:40371 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
* 1:40385 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript variable type confusion attempt (browser-ie.rules)
* 1:40386 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript variable type confusion attempt (browser-ie.rules)
* 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:40829 <-> ENABLED <-> INDICATOR-COMPROMISE potential Squiblydoo application whitelisting bypass attempt (indicator-compromise.rules)
* 1:40830 <-> ENABLED <-> INDICATOR-COMPROMISE potential Squiblydoo application whitelisting bypass attempt (indicator-compromise.rules)
* 1:40942 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:40943 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:40949 <-> ENABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules)
* 1:40950 <-> ENABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules)
* 1:40959 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:40960 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:41689 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
* 1:41690 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
* 1:41811 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file delete attempt (server-other.rules)
* 1:42855 <-> DISABLED <-> BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (browser-plugins.rules)
* 1:42856 <-> DISABLED <-> BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (browser-plugins.rules)
* 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules)
* 1:39524 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:43846 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed control channel authentication message denial of service attempt (server-other.rules)
* 1:43845 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43844 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43843 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43842 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
* 1:43841 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP request format string exploit attempt (file-other.rules)
* 1:43840 <-> DISABLED <-> FILE-OTHER Wireshark PROFINET DCP response format string exploit attempt (file-other.rules)
* 1:43839 <-> DISABLED <-> INDICATOR-COMPROMISE backwards executable download (indicator-compromise.rules)
* 1:43838 <-> DISABLED <-> INDICATOR-COMPROMISE Adobe Flash file contains reference to kernel32.dll (indicator-compromise.rules)
* 1:43837 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated javascript regex (indicator-obfuscation.rules)
* 1:43836 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file packed with SecureSwf obfuscator (indicator-obfuscation.rules)
* 1:43835 <-> DISABLED <-> EXPLOIT-KIT RIG exploit kit Adobe Flash exploit download (exploit-kit.rules)
* 1:43834 <-> DISABLED <-> FILE-OTHER Bmxplay malformed BMX buffer overflow attempt (file-other.rules)
* 1:43833 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:43832 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CQuotes use-after-free attempt (browser-ie.rules)
* 1:43831 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:43830 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules)
* 1:43829 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules)
* 1:43828 <-> DISABLED <-> FILE-OTHER Snackamp malformed AIFF buffer overflow attempt (file-other.rules)
* 1:43827 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
* 1:43826 <-> DISABLED <-> BROWSER-OTHER Opera animation element denial of service attempt (browser-other.rules)
* 1:43825 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Xagent outbound connection (malware-cnc.rules)
* 1:43824 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
* 1:43823 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
* 1:43822 <-> DISABLED <-> SERVER-WEBAPP Advantech SUSIAccess Server downloadCSV.jsp directory traversal attempt (server-webapp.rules)
* 1:43821 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43820 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43819 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43213 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
* 1:43212 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
* 1:43061 <-> DISABLED <-> SERVER-WEBAPP Foscam changeUserName command passwd file injection attempt (server-webapp.rules)
* 1:43005 <-> DISABLED <-> SERVER-WEBAPP Foscam setWifiSetting command psk stack buffer overflow attempt (server-webapp.rules)
* 1:42998 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid MCS serverRandomLen out of bounds read attempt (protocol-other.rules)
* 1:42975 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid EncryptedPlatformChallenge null pointer dereference attempt (protocol-other.rules)
* 1:42974 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid cbCompanyName out of bounds read attempt (protocol-other.rules)
* 1:42973 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP RSA modulus length integer underflow attempt (protocol-other.rules)
* 1:42941 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP PER length integer underflow attempt (protocol-other.rules)
* 1:42437 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera multipart boundary stack buffer overflow attempt (server-webapp.rules)
* 1:42436 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
* 1:42435 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
* 1:42434 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42433 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42432 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42431 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Video Camera CGIProxy.fcgi query append buffer overflow attempt (server-webapp.rules)
* 1:42353 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
* 1:42352 <-> DISABLED <-> FILE-PDF Poppler readProgressiveSOF out of bounds write attempt (file-pdf.rules)
* 1:42322 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
* 1:42321 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
* 1:42320 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
* 1:42319 <-> DISABLED <-> FILE-PDF Poppler PDF library embedded jp2 COD levels integer overflow attempt (file-pdf.rules)
* 1:42290 <-> DISABLED <-> SERVER-WEBAPP Openfire userimportexport plugin XML external entity injection attempt (server-webapp.rules)
* 1:42274 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
* 1:42273 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
* 1:42272 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42271 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42270 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42269 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42268 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42267 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42266 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42265 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42264 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42263 <-> DISABLED <-> FILE-OTHER Power Software PowerISO stack buffer overflow attempt (file-other.rules)
* 1:42252 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise PHP object injection attempt (server-webapp.rules)
* 1:42251 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise genericAjax SQL injection attempt (server-webapp.rules)
* 1:42250 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise translationsAjax.php SQL injection attempt (server-webapp.rules)
* 1:42249 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise proxy SQL injection attempt (server-webapp.rules)
* 1:42248 <-> DISABLED <-> SERVER-WEBAPP ProcessMaker Enterprise eventsAjax SQL injection attempt (server-webapp.rules)
* 1:42247 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42246 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42245 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42244 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42196 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
* 1:42195 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
* 1:42178 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
* 1:42177 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
* 1:42141 <-> ENABLED <-> FILE-IMAGE Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability attempt (file-image.rules)
* 1:42140 <-> ENABLED <-> FILE-IMAGE Corel PHOTO-PAINT X8 GIF Filter Code Execution Vulnerability attempt (file-image.rules)
* 1:42138 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules)
* 1:42137 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules)
* 1:42091 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42090 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42089 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42088 <-> DISABLED <-> 
FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42087 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42086 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42085 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42084 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid NewSubFileType memory corruption attempt (file-image.rules) * 1:42078 <-> DISABLED <-> SERVER-WEBAPP Foscam cgiproxy.fcgi stack buffer overflow attempt (server-webapp.rules) * 1:42015 <-> DISABLED <-> SERVER-OTHER Randombit Botan Library X509 DistinguishedName out of bounds read attempt (server-other.rules) * 1:42000 <-> DISABLED <-> SERVER-OTHER WolfSSL X509 parsing off-by-one code execution attempt (server-other.rules) * 1:41766 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules) * 1:41765 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules) * 1:41760 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules) * 1:41759 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules) * 1:41754 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules) * 1:41753 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules) * 1:41727 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules) * 1:41726 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules) * 1:41704 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt 
(file-office.rules) * 1:41703 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules) * 1:41546 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules) * 1:41545 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules) * 1:41544 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules) * 1:41543 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules) * 1:41512 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules) * 1:41511 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules) * 1:41471 <-> DISABLED <-> FILE-PDF MuPDF Fitz library font glyph scaling code execution vulnerability attempt (file-pdf.rules) * 1:41470 <-> DISABLED <-> FILE-PDF MuPDF Fitz library font glyph scaling code execution vulnerability attempt (file-pdf.rules) * 1:41467 <-> DISABLED <-> SERVER-OTHER InsideSecure MatrixSSL x509 IssuerDomainPolicy remote code execution attempt (server-other.rules) * 1:41364 <-> DISABLED <-> PROTOCOL-OTHER ARM mbed TLS x509 invalid public key remote code execution attempt (protocol-other.rules) * 1:41352 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A Series cross-site request forgery attempt (server-webapp.rules) * 1:41345 <-> ENABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules) * 1:41344 <-> ENABLED <-> FILE-OTHER CorelDRAW X8 EMF invalid ihBrush field value out of bounds read attempt (file-other.rules) * 1:41313 <-> ENABLED <-> FILE-EXECUTABLE Invincea Dell Protected Workspace InvProtectDrv sandbox escape attempt (file-executable.rules) * 1:41312 <-> ENABLED <-> FILE-EXECUTABLE 
Invincea Dell Protected Workspace InvProtectDrv sandbox escape attempt (file-executable.rules) * 1:41309 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:41308 <-> DISABLED <-> FILE-OTHER Dell Precision Optimizer dll-load exploit attempt (file-other.rules) * 1:41307 <-> ENABLED <-> FILE-EXECUTABLE Invincea-X SboxDrv.sys local privilege escalation attempt (file-executable.rules) * 1:41306 <-> ENABLED <-> FILE-EXECUTABLE Invincea-X SboxDrv.sys local privilege escalation attempt (file-executable.rules) * 1:41225 <-> ENABLED <-> FILE-PDF Artifex MuPDF JBIG2 negative width value out of bounds read attempt (file-pdf.rules) * 1:41224 <-> ENABLED <-> FILE-PDF Artifex MuPDF JBIG2 negative width value out of bounds read attempt (file-pdf.rules) * 1:41223 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A plaintext password leak attempt (server-webapp.rules) * 1:41222 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application web_runScript access attempt (server-webapp.rules) * 1:41221 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application HTTP response parameter injection attempt (server-webapp.rules) * 1:41220 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application HTTP response parameter injection attempt (server-webapp.rules) * 1:41197 <-> ENABLED <-> FILE-PDF Nitro Pro PDF Reader out of bounds write attempt (file-pdf.rules) * 1:41196 <-> ENABLED <-> FILE-PDF Nitro Pro PDF Reader out of bounds write attempt (file-pdf.rules) * 1:41105 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules) * 1:41104 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules) * 1:41103 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules) * 1:41102 <-> ENABLED <-> SERVER-WEBAPP Moxa AWK-3131A web application cross site scripting attempt (server-webapp.rules) * 
1:41097 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A serviceAgent information disclosure attempt (server-other.rules) * 1:41085 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A webSetPingTrace command injection attempt (server-webapp.rules) * 1:40932 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter DHFSummary remote code execution attempt (file-office.rules) * 1:40931 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter DHFSummary remote code execution attempt (file-office.rules) * 1:40930 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter GetFontTable remote code execution attempt (file-office.rules) * 1:40929 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter GetFontTable remote code execution attempt (file-office.rules) * 1:40928 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter Doc_SetSummary remote code execution attempt (file-office.rules) * 1:40927 <-> ENABLED <-> FILE-OFFICE AntennaHouse HTMLFilter Doc_SetSummary remote code execution attempt (file-office.rules) * 1:40916 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A asqc.asp information disclosure attempt (server-webapp.rules) * 1:40909 <-> DISABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:40908 <-> ENABLED <-> SERVER-OTHER Foscam C1 backdoor account ftp login attempt (server-other.rules) * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A invalid HTTP request denial of service attempt (server-webapp.rules) * 1:40822 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A getonekey.gz information disclosure attempt (server-webapp.rules) * 1:40821 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A makeonekey.gz information disclosure attempt (server-webapp.rules) * 1:40820 <-> DISABLED <-> SERVER-WEBAPP Moxa AWK-3131A systemlog.log information disclosure attempt (server-webapp.rules) * 1:40758 <-> DISABLED <-> SERVER-OTHER Moxa AWK-3131A backdoor root account access attempt (server-other.rules) * 1:35833 <-> ENABLED <-> FILE-OTHER Hangul Word Processor malicious tab 
count memory corruption attempt (file-other.rules) * 1:35832 <-> DISABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules) * 3:39775 <-> ENABLED <-> BROWSER-OTHER PhotoShare information leakage attempt (browser-other.rules)
* 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules)
* 1:1985 <-> DISABLED <-> MALWARE-BACKDOOR Doly variant outbound connection attempt (malware-backdoor.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:38622 <-> DISABLED <-> SERVER-OTHER ISC BIND malformed control channel authentication message denial of service attempt (server-other.rules)
* 1:38776 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules)
* 1:38777 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer uninitialized pointer attempt (browser-ie.rules)
* 1:38782 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:38783 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word TTF out-of-bounds memory access attempt (file-office.rules)
* 1:39219 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:39220 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll uninitialized pointer vulnerability attempt (browser-ie.rules)
* 1:39524 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:39525 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel empty bookViews element denial of service attempt (file-office.rules)
* 1:39737 <-> DISABLED <-> SERVER-WEBAPP HttpOxy CGI application vulnerability potential man-in-the-middle attempt (server-webapp.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:40073 <-> DISABLED <-> BROWSER-IE Microsoft Edge white-space information disclosure attempt (browser-ie.rules)
* 1:40074 <-> DISABLED <-> BROWSER-IE Microsoft Edge white-space information disclosure attempt (browser-ie.rules)
* 1:40123 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (browser-ie.rules)
* 1:40124 <-> ENABLED <-> BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt (browser-ie.rules)
* 1:40134 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40135 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40136 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40137 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40138 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40139 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40140 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40141 <-> ENABLED <-> BROWSER-IE Microsoft Edge HTML normalize caption memory corruption attempt (browser-ie.rules)
* 1:40157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed placeObject2 memory corruption attempt (file-flash.rules)
* 1:40158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed placeObject2 memory corruption attempt (file-flash.rules)
* 1:40370 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
* 1:40371 <-> ENABLED <-> BROWSER-IE Microsoft Edge spread operator memory corruption attempt (browser-ie.rules)
* 1:40385 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript variable type confusion attempt (browser-ie.rules)
* 1:40386 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vbscript variable type confusion attempt (browser-ie.rules)
* 1:40404 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:40405 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer eval type confusion attempt (browser-ie.rules)
* 1:40829 <-> ENABLED <-> INDICATOR-COMPROMISE potential Squiblydoo application whitelisting bypass attempt (indicator-compromise.rules)
* 1:40830 <-> ENABLED <-> INDICATOR-COMPROMISE potential Squiblydoo application whitelisting bypass attempt (indicator-compromise.rules)
* 1:40942 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:40943 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI32.dll cmap numUVSMappings overflow attempt (file-other.rules)
* 1:40949 <-> ENABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules)
* 1:40950 <-> ENABLED <-> BROWSER-IE Microsoft Edge SIMD memory corruption attempt (browser-ie.rules)
* 1:40959 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:40960 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ddeService command execution attempt (file-office.rules)
* 1:41689 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
* 1:41690 <-> DISABLED <-> SERVER-OTHER PHP Exception Handling remote denial of service attempt (server-other.rules)
* 1:41811 <-> DISABLED <-> SERVER-OTHER Apache ActiveMQ fileserver broker service file delete attempt (server-other.rules)
* 1:42855 <-> DISABLED <-> BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (browser-plugins.rules)
* 1:42856 <-> DISABLED <-> BROWSER-PLUGINS Schneider SoMachine ActiveX clsid access attempt (browser-plugins.rules)
* 1:43543 <-> DISABLED <-> FILE-OTHER multiple vulnerabilities malformed .m3u file buffer overflow attempt (file-other.rules)